Troy

It is a bit confusing for me, as I am always using left for the local system, right for the remote.

Assumptions

S'Toon
    external IP address 135.115.157.162
    internal networks
        192.168.161.0/24
        192.168.162.0/24
        192.168.163.0/24

Victoria
    external IP address 24.35.38.129
    internal network 172.0.0.0/8

Please observe the difference in auto= between the two systems, only one should start the connection.

At 18:59 15.11.2004 -0600, Troy Aden wrote:
>First of all, thanks so much for the quick reply! I am sorry to bug you a
>second time but I need some baby steps here.
>Can you please give me an example with the configs I provided. I need to see
>the "also=common_conn_params" in terms of my config.
>For example, if I had a 192.168.161.0/24, 192.168.162.0/24, 192.168.163.0/24,
>networks on router A side. And I wanted Router B to connect to ONLY those
>subnets. Can you please type in "exactly" what I would need on both router A
>(S'toon) and router B (Victoria). From that, I should be able to figure out
>what I need to do to be more precise about the Router B networks within the
>172.0.0.0/8 range.
>
>Again. Thanks in advance!!! Sorry to be a pain.
>
>Troy.
>

Router A (S'toon)

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    authby=secret
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn victoria
    right=%defaultroute
    left=24.35.38.129
    leftsubnet=172.0.0.0/8
    esp=aes
    auto=start

# one conn per local subnet; each needs its own unique name
conn victoria_1
    also=victoria
    rightsubnet=192.168.161.0/24

conn victoria_2
    also=victoria
    rightsubnet=192.168.162.0/24

conn victoria_3
    also=victoria
    rightsubnet=192.168.163.0/24

Router B (Victoria)

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    authby=secret
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn stoon
    right=%defaultroute
    rightsubnet=172.0.0.0/8
    left=135.115.157.162
    esp=aes
    auto=add

# one conn per remote subnet; each needs its own unique name
conn stoon_1
    also=stoon
    leftsubnet=192.168.161.0/24

conn stoon_2
    also=stoon
    leftsubnet=192.168.162.0/24

conn stoon_3
    also=stoon
    leftsubnet=192.168.163.0/24

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
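
A pre-deployment check for the also= layout discussed in this thread, added here as an example and not part of the original mail or of the FreeS/WAN tools: it expands also= for each conn, lists the subnet pair every conn ends up with, and reports conn names that occur more than once, since the name is what distinguishes one section from another. The function names, the sample text and the rule that a section's own keys override inherited ones are assumptions of this example.

```python
# Constructed sample using the thread's addresses; stoon_1 is repeated on purpose.
SAMPLE = """\
conn stoon
    right=%defaultroute
    rightsubnet=172.0.0.0/8
    left=135.115.157.162
    auto=add
conn stoon_1
    also=stoon
    leftsubnet=192.168.161.0/24
conn stoon_1
    also=stoon
    leftsubnet=192.168.162.0/24
"""

def parse_conns(text):
    """Return (name, {key: value}) for every conn section, in file order."""
    conns, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():        # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = {} if kind == "conn" else None
            if current is not None:
                conns.append((name.strip(), current))
        elif "=" in line and current is not None:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def resolve(name, table, seen=()):
    """Expand also= recursively (assumption: own keys override inherited ones)."""
    if name in seen or name not in table:
        raise ValueError("bad also= reference: " + name)
    own = dict(table[name])
    parent = own.pop("also", None)
    return {**(resolve(parent, table, seen + (name,)) if parent else {}), **own}

def audit(text):
    """Return (duplicate conn names, {conn: (leftsubnet, rightsubnet, auto)})."""
    conns = parse_conns(text)
    names = [name for name, _ in conns]
    table = dict(conns)                           # this script keeps the last duplicate
    tunnels = {}
    for name in table:
        eff = resolve(name, table)
        if "leftsubnet" in eff and "rightsubnet" in eff:
            tunnels[name] = (eff["leftsubnet"], eff["rightsubnet"], eff.get("auto"))
    return sorted({n for n in names if names.count(n) > 1}), tunnels
```

Running audit() on each router's ipsec.conf and comparing the two results shows whether the subnet pairs mirror each other and whether only one side carries auto=start.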